Proxmox host became unreachable after aggressive port scan

[openaspace]

Hi.
I have setup my host hypervisor to answer only from my static ip address.
Today , performing an aggressive port and vulnerability scan from different ip with a vpn using zenmap , the proxmox host control pannell give me time-out error from my white listed IP.

What I can do to avoid this?

 

[oguz]

hi,

do you have fail2ban set up? maybe you got yourself banned

or if you're not hosting your server yourself, your hoster could have some protection in place

 

[openaspace]

Hi,
yes I have fail2ban on, but the port scan was coming from different ip, not my whitelisted static ip.

 

[openaspace]

also I can connect from ssh

 

[oguz]

do a fail2ban-client status proxmox and see if your IP is in there

 

[openaspace]

hi, the problem was : ifupdown2 ....
the host was reacheable from ssh .. vm was online.. but the proxmox was off

after uninstalling it and rebooting the host, it's all ok

 

[oguz]

glad your issue is solved. but what makes me wonder is, was it just a coincidence or did you actually trigger this with the nmap scan somehow?

 

[openaspace]

Hi.
I can't test why this happened.
It's a single host and I can't try to reproduce the error.
After the aggressive port scan (3 contemporary scan from 3 different networks) I have realized that the vmbr0 was unreachable though ssh was answering from public network.

Sometimes on first ssh connection, the connection was refused or in time out.

Reboot command was non working, qm commands not working...

I have powered off each vm connecting directly from each vm, and performed and hard reset on the host. After reboot the vmbr0 was till not responding, therefore uninstalled ifupdown2 and rebooted the host and all works correctly now.